[Openid-specs-native-apps] NAPPS and a2p3
Mike Varley
mike.varley at securekey.com
Tue Dec 10 19:04:33 UTC 2013
Hello all,
I’m excited to see the NAPPS spec get some traction, as it is very (very) closely related to a project the Government of British Columbia sponsored a while ago to support Mobile Applications leveraging their new BC Services (government services) card as an authentication mechanism.
The current spec is not based on OpenID Connect, but I think that the NAPP model is probably a better fit. The same principles apply:
* user authenticates and obtains a ‘primary’ token
* a mobile agent exchanges that primary token for secondary tokens to various resource servers
* tokens are sent back to the App looking to leverage the resource servers (for collecting attributes).
The a2p3 project was focused on a privacy enhanced model (which may matter more in government scenarios than in enterprise scenarios), but there still may be some useful things to consider; off the top of my brain, things like:
1) separating the authentication service from the token ‘exchange’ service (I believe this was discussed a bit on the call today)
2) some methods / models for obtaining authorization (consent) outside of the context of authentication (if the authentication service is not supposed to know the data being released, but the token exchange can)
3) privacy enhanced tokens that do not require the resource server to make a back channel call to the token exchange (TA).
Anyhow, I am sharing it with the group because there is definitely some overlap, and there may be some useful stuff. The document was published under the Open Web Foundation license.
http://www.a2p3.ca
Spec draft 10:
http://www.a2p3.net/PDFs/A2P3%20Protocol%20draft%2010.pdf
Please have a look to see if there is anything we can leverage from this effort to help move NAPP along.
Thanks all,
MV
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mike Varley
Enterprise Architect SecureKey Technologies
mike.varley at securekey.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~